Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-06 | CVE-2020-3551 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.6/2.7 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 6.1 |
| 2020-11-06 | CVE-2020-3444 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. | 5.0 |
| 2020-11-06 | CVE-2020-27129 | Argument Injection or Modification vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. | 6.7 |
| 2020-11-06 | CVE-2020-27128 | Path Traversal vulnerability in Cisco Sd-Wan A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. | 6.5 |
| 2020-11-06 | CVE-2020-27123 | Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. | 5.5 |
| 2020-11-06 | CVE-2020-27121 | Improper Handling of Exceptional Conditions vulnerability in Cisco Unified Communications Manager IM and Presence Service 12.5(1) A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. | 6.5 |
| 2020-11-06 | CVE-2020-26086 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Telepresence Collaboration Endpoint A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. | 4.3 |
| 2020-11-06 | CVE-2020-26084 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Edge FOG Fabric A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. | 6.5 |
| 2020-11-06 | CVE-2020-26083 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2020-10-21 | CVE-2020-3599 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |